I have a customer with a Dell R340 with VMware loaded on it. The server currently doesn’t have TPM enabled on it so I am unable to add a Windows 11 VM due to the lack of TPM.

Are there any potential issues that could arise just enabling TPM in the BIOS? The steps seem pretty simple. Put the host in Maintenance Mode, reboot, enter the BIOS and enable TPM and SHA-256 encryption.

Thank you.

6 Spice ups

Why would you spin up a desktop environment on ESXi? There probably aren’t any TPM issues assuming the hardware has it, but be sure your version of ESXi supports it before you start messing with things. What’s your version level?

2 Spice ups

I don’t know the exact build off the top of my head, but it’s 7.x.

Will enabling TPM in the BIOS stop ESXi from booting for any reason?

2 Spice ups

Note: The person above does seem to be the same person that posted the question even though it is a different account. --Z

3 Spice ups

It shouldn’t prevent ESXi from booting, but it might not pass TPM to the VMs you create even if you do turn it on. Research TPM in your 7.x version, make sure it’s supported or you’ll be fighting an uphill battle…if the hardware is new enough to HAVE TPM 2.x installed, chances are it’s turned on in BIOS/UEFI and it’s just not supported by your level of ESXi.

2 Spice ups

Before we get into the physics, be aware you can’t just spin up a VM of any Windows desktop, you need specific licenses to be legal with these, notably an EA with SA or VDA licenses. Some 365 subscriptions allow this, but in most setups this is often too expensive compared to physical devices.

Unlikely. But before any major changes like this it’s always best to check your backups.

If I were you, I’d get your licensing sorted before you go down the TPM route, you can’t simply use an OEM/Retail or VL license for this and a datacentre license for your host doesn’t cover desktop OSes.

This has been covered so many times before.

There are some exceptions, such as trials, master build for OS deployment etc, but if this is an actively used device, get your licensing covered first.

5 Spice ups

So long as OP stays within the ‘eval period’ and either licenses the VM or deletes it from disk before it expires, they’ll be fine…but yes, need to be valid in license use!!

Did you note what ESXi version OP is running, by the way? 6.7.x attempting to use TPM is not likely going to go well, as it was obsolete before TPM was even a thing!

1 Spice up

Just enabling the TPM will not do anything to the host. It will boot normally to vSphere ESXi.

1 Spice up

That’s not what I’ve seen.

2 Spice ups

You’re right, I’m mixing up the two threads about nearly the same topic.

2 Spice ups

Enabling TPM in the BIOS is usually safe and straightforward, especially if you’re not currently using features like BitLocker or Secure Boot on the host. Just make sure the firmware is up to date and check VMware’s compatibility guide to ensure no conflicts. After enabling TPM and SHA-256, verify that the host boots cleanly before bringing VMs back online.

2 Spice ups

The VM needs a virtual TPM 2.0 (vTPM) and vTPM does not require a physical TPM on the host. See the following for guides for adding vTPM to new or existing VMs:

3 Spice ups

I tried to set it up with vTPM, but am getting the following error:

A general runtime error occurred. Key provider myesxi.local-vTPM is not compatible with the host 192.168.1.11. Reason: “The host does not support Native Key Provider.”

From what I read, ESXi 7.0 Update 2 Build 17630552 is required for vTPM. Installed version (I know it’s not the latest) is VMware ESXi, 7.0.3, 23794027.

Installed CPU is Intel(R) Xeon(R) E-2286G CPU @ 4.00GHz.

Server does not have a TPM module, I confirmed that earlier today, but I don’t believe it’s required for vTPM.

Thank you.

1 Spice up

You do not meet the requirements to deploy a Win11 VM with a vTPM.

2 Spice ups

OP - there’s your answer. System limitation.

…“The host does not support Native Key Provider.”…

It looks like you need to create a cluster and use vSphere to use the Native Key Provider – a single-host cluster if you only have one host or don’t want to cluster with another host.

1 Spice up
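Pulling the thread together for anyone landing here later: a vTPM does not need a physical TPM on the host, but it does need two other things, an ESXi build of at least 7.0 Update 2 (the 17630552 build quoted above) and a key provider in vCenter to wrap the vTPM’s secrets. The Native Key Provider is what the error message refers to; note that when you create one in the vSphere Client the option “Use key provider only with TPM protected ESXi hosts” is on by default, so a host without a TPM is rejected unless that box is cleared when the provider is created. The pre-flight script below is an added example written for this thread, not something any of the posters shared. It uses only `esxcli system version get`, `esxcli hardware trustedboot get` and the `vtpm.present` VMX key, all of which exist on ESXi 7, and it checks the same three facts the OP worked through by hand: the host build, whether the host has a TPM at all, and whether a given VM already carries a vTPM. The sample outputs embedded in it are constructed to match the OP’s reported host (7.0.3 build 23794027, no TPM) so the script also runs offline.

```shell
#!/bin/sh
# vtpm_preflight.sh - added example for this thread, not from the original posters.
# Checks an ESXi 7.x host for the things a Windows 11 vTPM VM depends on.
# Run it on the host (it uses live esxcli output) or anywhere else (it falls
# back to the constructed samples below, which mirror the OP's host).

MIN_VTPM_BUILD=17630552   # ESXi 7.0 Update 2, the minimum build for vTPM / Native Key Provider

# --- constructed sample output, matching what the OP reported ----------------
SAMPLE_VERSION='   Product: VMware ESXi
   Version: 7.0.3
   Build: Releasebuild-23794027
   Update: 3
   Patch: 150'

# Same command on a hypothetical ESXi 7.0 GA host (build 15843807), for contrast.
SAMPLE_OLD_VERSION='   Product: VMware ESXi
   Version: 7.0.0
   Build: Releasebuild-15843807
   Update: 0
   Patch: 0'

SAMPLE_TRUSTEDBOOT='   Drtm Enabled: false
   Tpm Present: false'

# Constructed fragment of a .vmx that already has a vTPM device attached.
SAMPLE_VMX='.encoding = "UTF-8"
displayName = "win11-test"
firmware = "efi"
vtpm.present = "TRUE"'

# Pull the numeric build out of `esxcli system version get` output.
esxi_build() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Build:[[:space:]]*Releasebuild-\([0-9]*\).*/\1/p'
}

# Success (0) if the build is new enough for vTPM, failure (1) otherwise.
esxi_build_ok() {
    b=$(esxi_build "$1")
    [ -n "$b" ] && [ "$b" -ge "$MIN_VTPM_BUILD" ]
}

# Success (0) if `esxcli hardware trustedboot get` reports a physical TPM.
# A vTPM does NOT need this; it only matters for the default Native Key Provider
# setting "Use key provider only with TPM protected ESXi hosts".
host_tpm_present() {
    printf '%s\n' "$1" | grep -qi '^[[:space:]]*Tpm Present:[[:space:]]*true'
}

# Success (0) if the VMX text already carries a vTPM device.
vmx_has_vtpm() {
    printf '%s\n' "$1" | grep -qi '^vtpm\.present[[:space:]]*=[[:space:]]*"TRUE"'
}

# Human-readable summary of the three checks; returns the text via stdout.
preflight_report() {
    version_out=$1; trustedboot_out=$2; vmx_out=$3
    if esxi_build_ok "$version_out"; then
        echo "build $(esxi_build "$version_out"): OK for vTPM (>= $MIN_VTPM_BUILD)"
    else
        echo "build $(esxi_build "$version_out"): TOO OLD for vTPM (need >= $MIN_VTPM_BUILD)"
    fi
    if host_tpm_present "$trustedboot_out"; then
        echo "host TPM: present (Native Key Provider default setting is fine)"
    else
        echo "host TPM: absent (create the Native Key Provider with the TPM-only option cleared)"
    fi
    if vmx_has_vtpm "$vmx_out"; then
        echo "VM: vTPM already attached"
    else
        echo "VM: no vTPM yet (add one after the key provider exists)"
    fi
}

# Live on an ESXi host: use real command output and, optionally, a .vmx path ($1).
# Elsewhere: fall back to the constructed samples so the script demonstrates itself.
if command -v esxcli >/dev/null 2>&1; then
    vmx_text=""
    [ -n "$1" ] && [ -r "$1" ] && vmx_text=$(cat "$1")
    preflight_report "$(esxcli system version get)" "$(esxcli hardware trustedboot get)" "$vmx_text"
else
    preflight_report "$SAMPLE_VERSION" "$SAMPLE_TRUSTEDBOOT" "$SAMPLE_VMX"
fi
```

On the OP’s host this reports the build as new enough and the host TPM as absent, which points at the key provider configuration rather than the ESXi version as the thing to fix; the build check is the one that would have caught the 6.7 scenario raised earlier in the thread.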